FIG. 3

USER CONNECTS TO NETWORK ACCESS SERVER 60

NETWORK ACCESS SERVER 60 AUTHENTICATES USER, TYPICALLY USING CALLER ID

AUTHENTICATION SERVER 14 REQUESTS IP ADDRESS FROM IP ADDRESS MANAGER 30

RADIUS ACCESS-REQUEST MESSAGE, INCLUDING SELECTED ISP, SENT TO AUTHENTICATION SERVER 14

ROUTER CONFIGURING ENGINE 40 CONFIGURES NAT TABLES OF ROUTER 50 AND ROUTING POLICIES OF CENTRAL ROUTER, USING HTTP PROTOCOL

RADIUS START-ACCOUNTING MESSAGE SENT TO ACCOUNTING SERVER 20

USER ELECTS TO DISCONTINUE CONNECTION TO ISP 10 OR TRANSFER TO ANOTHER ISP 10

RADIUS STOP-ACCOUNTING MESSAGE SENT TO ACCOUNTING SERVER 20 BY NAS 60

TO ACCOUNTING MANAGER 20

AND OF ISP 10 TO IP ADDRESS MANAGER 30

FIG. 5

PROVIDE COMMUNICATIONS, FROM THE NETWORK ROUTING CENTER, WITH A NETWORK USER AND WITH AT LEAST ONE INTERNET SERVICE PROVIDER (ISP)

RECEIVE A USER IDENTIFICATION OF THE NETWORK USER FROM THE ROUTING CENTER

AUTHENTICATE THE NETWORK USER BASED, AT LEAST IN PART, ON THE IDENTIFICATION OF THE NETWORK USER (STEP 280)

CHOOSE AN ISP AND COMMUNICATE AN ISP IDENTIFICATION IDENTIFYING THE ISP TO THE ROUTING CENTER

WITH THE ISP IDENTIFICATION

FIG. 7

ESTABLISH A CONNECTION, THROUGH THE ROUTING CENTER, BETWEEN A USER AND A SERVICE PROVIDER

ROUTE COMMUNICATIONS, AT THE ROUTING CENTER, BETWEEN THE USER AND THE SERVICE PROVIDER

AN ITEM ASSOCIATED WITH A PAYMENT

AUTHORIZATION OF THE PAYMENT

APPARATUS AND METHODS FOR CONNECTING A NETWORK USER TO A NETWORK SERVICE



FIELD OF THE INVENTION 
The present invention relates to apparatus and methods for connecting a 
user to a network such as the Internet, and in particular to providing connections 
between users and ISPs (Internet Service Providers). 



BACKGROUND OF THE INVENTION 



A plethora of ISPs (Internet service providers) are in operation which
provide access to the Internet. Users must sign up with each ISP directly and cannot
switch between ISPs on the fly.

It is well-known in the art for an ISP to provide its own POP (point of 
presence) in every local area where the ISP wishes to provide connection service for 
individual users. Typically, the ISP establishes, for each POP, an office including a 
defined number of telephone lines, each telephone line being associated with a modem,
an ISDN connection, or similar terminal equipment, and each telephone line being
intended to support a single individual user dial-in connection. Typically, multiplexing 
equipment, routing equipment, and other communications equipment is provided locally 
at the POP to complete the connection between the individual user and the Internet. 

The RADIUS (Remote Authentication Dial In User Service) protocol,
described in RFC 2138 and RFC 2139, both dated April 1997 and both published by the
Internet Engineering Task Force, can be used to remotely authenticate a dial-in user of a
computer service.

IP addressing rules related to the field of the present invention are
described in RFC 1918 of the Internet Engineering Task Force.

Inverse Network Technology, Inc. generates performance profiles for
various Internet Service Providers.

ISP Alliance, Inc. provides a shared cost, transparent services system
which allows a subscriber to provide Internet services to customers without actually
having the infrastructure to provide the Internet services.

The disclosures of all references mentioned above and throughout the
present specification are hereby incorporated herein by reference.

The present invention seeks to provide improved apparatus and
methods for connecting a user to a network such as the Internet.

There is thus provided in accordance with a preferred embodiment of 
the present invention a system for connecting to Internet service providers via 
networking circuitry, the system including a user interface operative to accept a user's 
choice of an Internet service provider from among a plurality of Internet service 
providers and a configurator operative to connect the user to the user-selected Internet 
service provider by generating an on-the-fly configuration of the networking circuitry. 

The user interface may include a web-based display. The term
"web-based display" is used throughout the present specification and claims to refer to an
HTML (Hypertext Markup Language) or similar page that may be viewed by a standard
WWW browser or a similar program.

The user interface may include a display of at least some of the plurality 
of Internet service providers. 

Preferably, initial communications between user and the system of the 
present invention, until selection of an ISP by the user, are carried out using IP 
protocol and the server of the system allocates an internal IP address to the user. 
Once the user selects an ISP, a second IP address is allocated to the user, from 
among a pool of IP addresses belonging to the selected ISP. The second IP address is 
used, typically via network address translation (NAT) as is well known in the art, as an 
external address representing the user to the Internet. The internal IP address is typically 
retained by the user until logging out of the system or hanging up the connection. 

Preferably, a telephone company allocates to the system of the present 
invention a local number which any subscriber can dial. The subscriber connects to the 
system of the present invention via the telephone company and a conventional 
modem. Typically, the telephone company subscriber's telephone number functions as 
his or her login/password and no additional password need be assigned to him or her. 

Preferably, the telephone company subscriber is billed for use of the 
system of the present invention, as part of their telephone bill, similar to billing of 
other special services provided over the telephone such as long distance service. The 
subscriber therefore does not need to provide his or her credit card number.

Also provided, in accordance with a preferred embodiment of the
present invention, is a method for connecting to Internet service providers via
networking circuitry, the method including displaying a list of a plurality of Internet
service providers to a user, accepting a user's choice of an Internet service provider
from among the plurality of Internet service providers, and connecting the user to the
user-selected Internet service provider by generating an on-the-fly configuration
of the networking circuitry.

There is also provided in accordance with another preferred embodiment
of the present invention a system for connecting to Internet service providers via
networking circuitry, the system including a user interface operative to display
information regarding a plurality of Internet service providers including quality of
service information and to accept a user's choice of an Internet service provider from
among the plurality of Internet service providers, thereby to define a user-selected
Internet service provider, and a configurator operative to connect the user to the
user-selected Internet service provider by generating an on-the-fly configuration of the
networking circuitry.

Further in accordance with a preferred embodiment of the present 
invention the user interface includes a web-based display. 

Still further in accordance with a preferred embodiment of the present
invention the user interface includes a display of at least some of the plurality of
Internet service providers.

Additionally in accordance with a preferred embodiment of the present 
invention the system also includes user identification apparatus operative to identify the 
user. 

Moreover in accordance with a preferred embodiment of the present
invention the user identification apparatus is operative to identify the user based on a
telephone number used by the user to establish a connection with the system.

There is also provided in accordance with another preferred embodiment
of the present invention a method for connecting to Internet service providers via
networking circuitry, the method including displaying information regarding a plurality
of Internet service providers including quality of service information, accepting a user's
choice of an Internet service provider from among the plurality of Internet service
providers, thereby to define a user-selected Internet service provider, and connecting the
user to the user-selected Internet service provider by generating an on-the-fly
configuration of the networking circuitry.

There is also provided in accordance with another preferred embodiment
of the present invention a virtual point of presence (POP) including a routing center
operative to communicate with a network user and with at least one Internet Service
Provider (ISP) and to route communications therebetween, and an authentication and
ISP routing center receiving an identification of the network user from the routing center
and operative to authenticate the network user based, at least in part, on the
identification of the network user, and to choose an ISP and to communicate an ISP
identification identifying the ISP to the routing center, the routing center being
operative, upon receipt of the ISP identification, to route communications from the
network user to an ISP associated with the ISP identification.

Further in accordance with a preferred embodiment of the present 
invention the authentication and ISP routing center is operative to choose the ISP based 
on a telephone number of the network user.

Further in accordance with a preferred embodiment of the present 
invention the authentication and ISP routing center is operative to choose the ISP based, 
at least in part, on at least one of the following: a telephone number of the network user,
identifying information of the network user, and profile information of the network user.

Further in accordance with a preferred embodiment of the present
invention the routing center is also operative to maintain accounting records of routing
services performed for the network user and the ISP.

There is also provided in accordance with another preferred embodiment
of the present invention a method for providing a virtual point of presence (POP) using a
network routing center, the method including providing communications, from the
network routing center, with a network user and with at least one Internet Service
Provider (ISP), receiving an identification of the network user from the routing center,
authenticating the network user based, at least in part, on the identification of the
network user, choosing an ISP and communicating an ISP identification identifying the
ISP to the routing center, and routing communications from the network user to an ISP
associated with the ISP identification.

Further in accordance with a preferred embodiment of the present 
invention the method also includes storing utilization information in a database.

Still further in accordance with a preferred embodiment of the present
invention the method also includes producing a report based on the utilization 
information. 

There is also provided in accordance with another preferred embodiment 
of the present invention a payment processing method for processing payments over a 
network, the network including a routing center for routing communications between at 
least one user and at least one service provider, the method including establishing a 
connection, through the routing center, between a user and a service provider, routing 
communications, at the routing center, between the user and the service provider, 
requesting, through the service provider, an item associated with a payment, initiating, at 
the routing center, an authorization of the payment, and receiving, at the routing center, 
billing information including a request to pay the payment. 

Further in accordance with a preferred embodiment of the present 
invention the method also includes paying the requested payment from the routing 
center. 

Still further in accordance with a preferred embodiment of the present 
invention the paying step includes aggregating a plurality of requested payments into a 
single payment. 

Additionally in accordance with a preferred embodiment of the present 
invention the service provider includes an Internet service provider (ISP), and the 
requesting step includes requesting an item from a World Wide Web (WWW) site. 

Moreover in accordance with a preferred embodiment of the present 
invention the system includes an on-the-fly ISP performance monitor operative to 
monitor performance of at least one ISP on the fly and to supply at least one quality of 
service parameter to the user interface for display. 

Further in accordance with a preferred embodiment of the present 
invention the system also includes an infrastructure leaser operative to lease network 
infrastructure to at least one Internet service provider. 

Additionally in accordance with a preferred embodiment of the present 
invention the infrastructure leaser is operative to lease network infrastructure to at least 
one Internet service provider from among the plurality of Internet service providers. 

Moreover in accordance with a preferred embodiment of the present 
invention the system also includes a resource utilization monitor operative to record
information regarding occurrence of at least one of the following situations with respect
to network infrastructure leased by at least one Internet service provider:
underutilization of the infrastructure leased by the at least one Internet service provider,
and overutilization of the infrastructure leased by the at least one Internet service
provider.

Further in accordance with a preferred embodiment of the present
invention the recording step is performed on the fly.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated from the
following detailed description, taken in conjunction with the drawings in which:

Fig. 1 is a simplified block diagram of apparatus, constructed and
operative in accordance with a preferred embodiment of the present invention, for
connecting a user to the Internet via any user-selected ISP from among a plurality
of ISPs;

Fig. 2 is an example of a screen display of the home user's computer of
Fig. 1;

Fig. 3 is a simplified flowchart illustration of a preferred method of 
operation for the apparatus of Fig. 1; 

Fig. 4 is a simplified block diagram illustration of apparatus for providing 
a virtual POP (point of presence) to an ISP, the apparatus being constructed and 
operative in accordance with another preferred embodiment of the present invention; 

Fig. 5 is a simplified flowchart illustration of a preferred method of 
operation of the apparatus of Fig. 4; 

Fig. 6 is a simplified block diagram illustration of a preferred embodiment 
of the routing center of Fig. 4; and 

Fig. 7 is a simplified flowchart illustration of a preferred method of 
operation of the apparatus of Fig. 1 or the apparatus of Fig. 4.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference is now made to Fig. 1 which is a simplified block diagram
of apparatus 15, constructed and operative in accordance with a preferred
embodiment of the present invention, for connecting a user to the Internet via any
user-selected ISP from among a plurality of ISPs 10.

As shown, the apparatus of Fig. 1 includes the following
sub-systems:

An authentication server 14 that validates if the user can use the service;

An accounting server/manager 20 that monitors the start and end of the
connections to the service and to a specific ISP 10;

An IP address manager 30 that allocates and collects back IP addresses
of each ISP 10. Typically, each ISP allocates a typically static pool of available IP
addresses from the IP address pool assigned to that ISP and communicates information
including the available IP addresses to the IP address manager 30 by any appropriate
means. The IP address manager 30 keeps track of the available IP addresses for each
ISP and allocates an appropriate IP address on demand. When a user disconnects from
the ISP the IP address manager preferably reclaims the address for future users;

A router configuring engine 40 that configures the router 50 in order
to connect the user to a desired ISP 10; and

A network access server (NAS) 60 that is operative to generate an
appropriate user interface, preferably a GUI (graphical user interface) that presents the
user with the ISPs 10 and their rates and enables the user to choose an ISP 10, change
an ISP 10 and elect to disconnect from an ISP 10. Typically, the GUI comprises an
HTML file sent by the NAS 60 to the computer 70 of the home user (VIA A
NETWORK 80?). This HTML file is typically rendered as a GUI screen by the web
browser of home computer 70.

Typically, the GUI displays to the user the speed of each ISP's
connection to the Internet, where the displayed speed is preferably the actual speed
from the user's perspective, but may alternatively comprise one or more speeds of
components of the ISP's network.

Preferably, the GUI displays some or all of the following options:

1. Connect to fastest ISP.

2. Connect to cheapest ISP.

3. Connect to most cost-effective ISP.

Preferably, an ISP performance manager 90 is provided which
monitors the performance level of each ISP 10 and generates quality of service statistics.
The results are typically aggregated by time and statistics for the last measured
period are typically shown to the user. Actual performance of an ISP may typically be
based on the time required for the ISP performance manager 90 to perform a predefined
set of tasks, such as retrieving specified Internet information or executing an Internet
ping, through each ISP 10. Under this definition of actual performance, a shorter time
to complete the task indicates greater actual performance.

Preferably, each ISP is provided with an ISP manager which allows 
each ISP to collect information such as currently connected user report, port 
monitoring, accounting and billing information. 

Fig. 2 is an example of a screen display which may be generated by the 
GUI of NAS 60. As shown, the screen display includes a list of a plurality of ISPs 10
plus comparative data regarding each of the ISPs, thereby allowing a user to make an
intelligent choice, for example, by pressing the appropriate "Connect" screen button. 

Fig. 3 is a simplified flowchart illustration of a preferred method of 
operation for the apparatus of Fig. 1. As shown, in step 110, the user initially connects
to NAS (Network Access Server) 60 (Fig. 1) via a network 80 such as a PSTN
(Public Switched Telephone Network) or via the ISDN (Integrated Services Digital
Network).

In step 120, the NAS 60 authenticates the user, using a suitable protocol
such as the RADIUS (Remote Authentication Dial In User Service) protocol, which
protocol is well-known in the art and is described in RFC 2138 and RFC 2139, both
dated April 1997 and both published by the Internet Engineering Task Force. The
authentication may succeed, for example, if:

a. the number called by the user is that of the central service, it
being well known in the art, in the case of telephone numbers dedicated to a single ISP,
to have a global service telephone number for Internet access, the global number being
used from any location and switching to a local point of service being automatically
accomplished; the present invention provides an analogous service for multiple ISPs; and

b. there is a CLID (calling number identification). In other words,
optionally, each home computer 70 is assigned a caller ID. The user is prompted to
enter his caller ID and the NAS 60 then performs a CLID procedure to determine
whether the calling party is calling from a valid telephone number and is therefore an
authorized user.

In step 130, the authentication server 14 then requests an IP (Internet 
Protocol) address for the user from the IP (Internet Protocol) address manager 30.
The IP address which is assigned for this purpose is typically an IP address from the IP 
address pool of the service provider, as described above. In the present invention, each 
user has a first IP address for the connection, which is allocated by the IP address 
manager 30 to the user when the connection is established and remains with the user 
until the user hangs up the call. Each user also may have a second IP address, 
dynamically allocated by the IP address manager 30 for communication with a given 
ISP. It is appreciated that the first IP address is used to establish the connection, to 
enable the user to view the HTML page which offers the user a choice of ISPs, and to 
enable the communication necessary to switch between ISPs, while the second IP 
address is used for communicating with the Internet. Typically, during operation of the 
present invention, the first IP address, when used by the user, is translated to the second 
IP address as necessary. Typically, the first IP address may be supplied by a pool of 
private IP addresses in accordance with RFC 1918. 

In step 140, the user is connected to the internal network such as, for 
example, the network 15 of Fig. 1 including the NAS 60, the authentication server 14, 
the IP address manager 30, the central router 50, the accounting server 20, and the 
router configuration server 40. 

In step 150, the user accesses the service HTML (Hyper Text Markup 
Language) home page from her or his browser. The system's server is acting as a 
worldwide web (WWW) server to the home user's client web browser and the user's 
browser renders the HTML web page into a viewable web page. The home page 
typically includes a list of available ISPs 10 and comparative data regarding each
ISP 10, including the rate/s of the service, for example, as shown in Fig. 2. 

In step 160, the user selects an ISP 10. The user may click on one of the 
displayed ISPs or alternatively, the user may click on one of the following GUI buttons, 
if provided: 

1. Connect to fastest ISP.

2. Connect to cheapest ISP. 

3. Connect to most cost-effective ISP. 

In step 170, a RADIUS access-request message (including the selected
ISP) is sent by the NAS 60 to the authentication server 14. The message requests the
IP manager 30 to allocate an IP address for the connection, from the IP address pool 
of the user-selected ISP 10. 

In step 180, the router configuring engine 40 configures the NAT 
(Network Address Translation) tables of the router 50 and the routing policies of the 
router 50 using a suitable protocol such as HTTP (Hyper Text Transfer Protocol) for
communications therebetween. 

From this time on, the user's IP frames are forwarded to the network of 
the user-selected ISP 10 and the user can connect to the Internet. Therefore (step 
190), at this time NAS 60 sends a RADIUS start-accounting message to 
accounting manager 20. 

At a suitable time (step 200), the user discontinues his connection to
the current ISP 10 (e.g. by pushing the disconnect button or by choosing a different
ISP).

Following (step 210), NAS 60 sends a RADIUS stop-accounting 
message to accounting manager 20. 

Accounting manager 20 returns the IP address of the ISP 10 to the IP 
address manager 30 (step 220). 

When the user disconnects the call (step 230), the NAS 60 sends a 
RADIUS stop accounting message to the accounting manager 20 (step 240). The 
accounting manager 20 returns the IP addresses of the connection between the user and 
the system of Fig. 1, described above as the first IP address, and the IP for 
communication with the ISP 10, described above as the second IP address, to the IP 
address manager 30 (step 250). 
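The address lifecycle of steps 110 to 250 can be traced in code. The following is an added example, not code from the specification: the class and method names, the pool contents (documentation address ranges), the caller IDs and the timestamps are all constructed for illustration. It shows the first (internal) address surviving a transfer between ISPs, the second address being reclaimed and reused, and how the start/stop accounting records are what let an operator attribute a reused external address to the right caller at a given time.

```python
import ipaddress


class PoolExhausted(Exception):
    """Raised when a pool has no free address left."""


class AddressManager:
    """Plays the role of IP address manager 30: tracks free and leased addresses."""

    def __init__(self, internal_cidr, isp_pools):
        # First addresses come from a private (RFC 1918) range, second ones per ISP.
        self.free = {"internal": list(ipaddress.ip_network(internal_cidr).hosts())}
        for isp, addrs in isp_pools.items():
            self.free[isp] = [ipaddress.ip_address(a) for a in addrs]
        self.leased = {}  # address -> name of the pool it came from

    def allocate(self, pool):
        if not self.free[pool]:
            raise PoolExhausted(pool)
        addr = self.free[pool].pop(0)
        self.leased[addr] = pool
        return addr

    def reclaim(self, addr):
        pool = self.leased.pop(addr)  # KeyError if the address was never leased
        self.free[pool].append(addr)


class Service:
    """Hypothetical glue for NAS 60, router 50 NAT state and accounting manager 20."""

    def __init__(self, manager):
        self.mgr = manager
        self.calls = {}       # caller ID -> first (internal) address
        self.nat = {}         # internal address -> (ISP, second address)
        self.accounting = []  # (event, time, caller ID, ISP, second address)

    def connect(self, caller_id):                  # steps 110-140
        self.calls[caller_id] = self.mgr.allocate("internal")
        return self.calls[caller_id]

    def select_isp(self, caller_id, isp, now):     # steps 160-190
        internal = self.calls[caller_id]
        if internal in self.nat:                   # transfer: close the old lease first
            self.leave_isp(caller_id, now)
        external = self.mgr.allocate(isp)
        self.nat[internal] = (isp, external)
        self.accounting.append(("start", now, caller_id, isp, external))
        return external

    def leave_isp(self, caller_id, now):           # steps 200-220
        isp, external = self.nat.pop(self.calls[caller_id])
        self.accounting.append(("stop", now, caller_id, isp, external))
        self.mgr.reclaim(external)

    def hang_up(self, caller_id, now):             # steps 230-250
        if self.calls[caller_id] in self.nat:
            self.leave_isp(caller_id, now)
        self.mgr.reclaim(self.calls.pop(caller_id))

    def who_had(self, external, at):
        """Attribute an external address at time `at` using the accounting records."""
        ext = ipaddress.ip_address(external)
        holder = None  # (caller ID, start time) of the lease currently open
        for event, t, caller, _isp, addr in self.accounting:
            if addr != ext:
                continue
            if event == "start":
                holder = (caller, t)
            else:
                if holder and holder[1] <= at < t:
                    return holder[0]
                holder = None
        return holder[0] if holder and holder[1] <= at else None


def demo():
    # Constructed sample data: one-address pool for isp-a forces address reuse.
    mgr = AddressManager("10.0.0.0/29", {"isp-a": ["192.0.2.10"],
                                         "isp-b": ["198.51.100.20"]})
    svc = Service(mgr)
    a, b = "5550100", "5550101"
    a_internal = svc.connect(a)
    a_first = svc.select_isp(a, "isp-a", now=100)
    svc.connect(b)
    try:
        svc.select_isp(b, "isp-a", now=150)
        exhausted = False
    except PoolExhausted:
        exhausted = True
    svc.select_isp(a, "isp-b", now=200)            # transfer to another ISP
    internal_kept = svc.calls[a] == a_internal
    b_first = svc.select_isp(b, "isp-a", now=250)  # reuses the reclaimed address
    svc.hang_up(a, now=400)
    svc.hang_up(b, now=500)
    return {
        "reused": str(a_first) == str(b_first) == "192.0.2.10",
        "exhausted": exhausted,
        "internal_kept": internal_kept,
        "at_120": svc.who_had("192.0.2.10", 120),
        "at_220": svc.who_had("192.0.2.10", 220),
        "at_300": svc.who_had("192.0.2.10", 300),
        "leaked": len(mgr.leased),
    }


if __name__ == "__main__":
    print(demo())
```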

A particular advantage of a preferred embodiment of the present 
invention is that each ISP need not establish a POP (point of presence) site in each 
area code within the ISP's customer base. Also, each ISP need not install and maintain 
its own billing and collecting system.

Another advantage of a preferred embodiment of the present invention
is that it allows full scale Internet shopping without the user's having to give out his or 
her credit card number. Instead, payments for bought goods are charged on the 
customer's telephone bill. 

Reference is now made to Fig. 4, which is a simplified block diagram 
illustration of apparatus for providing a virtual POP (point of presence) to an ISP, the 
apparatus being constructed and operative in accordance with another preferred 
embodiment of the present invention. The apparatus of Fig. 4 comprises a routing 
center 245, typically integrated with a telephone local access office (not shown), but 
alternatively functioning as a stand-alone routing center.

The apparatus of Fig. 4 also typically comprises an authentication/ISP 
routing center (AIR) 252, which is provided with a telecommunications link, preferably a 
high-speed private IP network link, to the routing center 245. The AIR 252 typically 
comprises an authentication server 255, typically a RADIUS server as is well known in 
the art. The AIR 252 also typically comprises an ISP routing server 260, which is 
described in more detail below. The authentication server 255 and the ISP routing 
server 260 are preferably provided with an appropriate two-way communications link 
therebetween. 

The apparatus of Fig. 4 also comprises at least one ISP 265. For 
purposes of simplicity of description, only one ISP 265 is shown in Fig. 4, but it is 
appreciated that typically a plurality of distinct ISPs 265 will be provided. 

The operation of the apparatus of Fig. 4 is now briefly described. A user 
270 of the apparatus of Fig. 4, the user 270 typically comprising a home computer user, 
establishes a telecommunications connection, typically a PSTN or ISDN connection,
with the routing center 245, using methods well-known in the art. The routing center
245 reports the fact of the incoming call, typically together with identifying information
such as, typically, the telephone number of the caller, to the AIR 252.

Within the AIR 252 the identifying information is passed to the
authentication server 255 and is there authenticated, typically using RADIUS methods,
as is well-known in the art. If the result of the authentication is a determination that the
user is not authorized, this fact is passed back to the routing center 245, which typically
terminates the call of the user 270. If the result of the authentication is a determination
that the user is authorized, this fact, optionally including further identifying information
for the user, is passed to the ISP routing server 260.

WO 00/14919 PCT/IL98/00427

The ISP routing server 260 determines to which ISP 265 the user 270 
should be connected. A determination of an ISP 265 may be based on the telephone 
number chosen by the user 270, such that, from the point of view of the user 270, the 
apparatus of Fig. 4 presents a virtual ISP which functions identically, to the user 270, to 
a real conventional ISP. The telephone number may be obtained using Dialed Number
Identification System (DNIS), as is well known in the art, or by other appropriate 
means. Alternatively, the determination of the ISP may be based, for example, in whole 
or in part, on any one or combination of the following: the telephone number of the user 
270, which may be determined by a caller identification method, as is well-known in the 
art; identifying information and/or further identifying information of the user 270; profile 
information for the user 270, the profile information typically being stored by the ISP 
routing server 260; by a domain name selected by the user 270, and based on 
information, typically stored by the ISP routing server 260, indicating which one or more 
ISPs is preferred for that domain; or any other appropriate information. 
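The authentication and ISP determination described above for the AIR 252 can be shown on an actual RADIUS Access-Request. The following is an added example, not code from the specification: it builds and strictly parses the RFC 2138 packet layout, authenticates on Calling-Station-Id (the caller's number) and picks the ISP from Called-Station-Id (the DNIS number) with the stored profile as fallback. The function names, the subscriber, DNIS and profile tables and the telephone numbers are constructed assumptions; malformed or ambiguous requests are rejected rather than guessed at.

```python
import os
import struct

ACCESS_REQUEST = 1          # RADIUS packet code
USER_NAME = 1               # RADIUS attribute types
CALLED_STATION_ID = 30      # number dialed (DNIS)
CALLING_STATION_ID = 31     # number of the caller (CLID)


def build_access_request(identifier, attrs, authenticator=None):
    """Encode code, identifier, length, 16-octet authenticator, then TLV attributes."""
    if authenticator is None:
        authenticator = os.urandom(16)
    if len(authenticator) != 16:
        raise ValueError("authenticator must be 16 octets")
    body = b""
    for atype, value in attrs:
        if not 1 <= len(value) <= 253:
            raise ValueError("attribute value must be 1..253 octets")
        body += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body)) \
        + authenticator + body


def parse_access_request(packet):
    """Return (identifier, {type: [values]}); raise ValueError on any malformation."""
    if len(packet) < 20:
        raise ValueError("shorter than the fixed header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > 4096 or length > len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        # alen counts the type and length octets, so it can never be below 2.
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return identifier, attrs


def air_decide(packet, subscribers, dnis_to_isp, profiles):
    """Hypothetical AIR 252 decision: ("accept", isp) or ("reject", None)."""
    try:
        _identifier, attrs = parse_access_request(packet)
    except ValueError:
        return ("reject", None)
    calling = attrs.get(CALLING_STATION_ID, [])
    called = attrs.get(CALLED_STATION_ID, [])
    # Exactly one caller number and at most one dialed number, or the request
    # is ambiguous and fails closed.
    if len(calling) != 1 or len(called) > 1 or not calling[0]:
        return ("reject", None)
    caller = calling[0].decode("ascii", "replace")
    if caller not in subscribers:
        return ("reject", None)
    isp = None
    if called:
        isp = dnis_to_isp.get(called[0].decode("ascii", "replace"))
    if isp is None:
        isp = profiles.get(caller)   # fall back to stored profile information
    if isp is None:
        return ("reject", None)
    return ("accept", isp)


if __name__ == "__main__":
    # Constructed sample request: caller 5550100 dialing access number 5550199.
    sample = build_access_request(7, [(USER_NAME, b"5550100"),
                                      (CALLING_STATION_ID, b"5550100"),
                                      (CALLED_STATION_ID, b"5550199")])
    print(air_decide(sample, {"5550100"}, {"5550199": "isp-a"}, {}))
```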

After the ISP routing server 260 has determined the one ISP 265 to 
which the user 270 should be connected, the AIR 252 communicates the identity of the 
ISP to the routing center 245. The routing center 245 then sets up an appropriate 
routing definition, as is well-known in the art, and routes IP packets between the user 
270 and the ISP 265, transparently to the user 270 and the ISP 265. Thus a virtual
user-ISP connection, virtual in the sense that the physical link between the routing center 
245 and the ISP 265 can be used to establish many such connections for a plurality of 
users, is established between the user 270 and the ISP 265, and thus the apparatus of 
Fig. 4 acts effectively as a virtual POP. 

Preferably, the routing center 245 is operative to maintain accounting 
records of all connections from any user 270 to any ISP 265, the accounting records and 
the apparatus and methods used for maintaining the accounting records typically being 
similar to those well-known in the art in telephone central office systems. Preferably, 
accounting records maintained by the routing center 245 are used to report usage and/or 
charges to each ISP 265, or to directly invoice each user 270, typically in accordance 
with rates and regulations established by each ISP 265, for usage of each ISP 265. 
Alternatively or additionally, the accounting records may be used to charge each ISP 
265 for routing services provided. 

In the apparatus of Fig. 4 any appropriate communications link, such as a
private network as is well-known in the art, may be used for communications between
the routing center 245 and the AIR 252.

Reference is now made to Fig. 5, which is a simplified flowchart
illustration of a preferred method of operation of the apparatus of Fig. 4. The method of
Fig. 5 preferably includes the following steps:

Communications, typically in the form of an available channel for
communications which may not yet be in active use, is provided, from a network
routing center such as the network routing center 245 of Fig. 4, with a network user and 
with at least one ISP (step 275). Upon receipt of an identification of the network user 
from the routing center (step 280), typically as described above with reference to Fig. 4, 
the network user is typically authenticated (step 285). The authentication is based, at 
least in part, on the identification of the network user from step 280, and may also be 
based on a variety of other factors as described above with reference to Fig. 4. Such
other factors might include, for example, smart token authentication, one-time password 
authentication, and smart-card based authentication, which are well-known in the art. 
Although it is believed to be preferable to include step 285 in the method of Fig. 5, it is 
appreciated that, in another preferred embodiment of the method of Fig. 5, step 285 may 
be omitted. 

An ISP is chosen, typically based in part on a telephone number called by 
the user and/or on the authenticated identification of the user and/or on other factors, as 
described above with reference to Fig. 4; an ISP identification identifying the ISP is 
communicated to the routing center (step 290). 

Communications are routed from the network user to an ISP associated 
with the ISP identification (step 300). 

It will be appreciated by persons skilled in the art that the method of Fig. 
5 provides network users and ISPs with a virtual point of presence. It will also be 
appreciated by persons skilled in the art that the method of Fig. 5 when used with the 
apparatus of Fig. 4, by consolidating the necessary infrastructure for a plurality of ISPs, 
allows pooling of unused resources that would, in a conventional prior art system, be 
unavoidably split between ISPs. Such pooled unused resources could be used for a 
variety of purposes such as, for example, to consolidate unused bandwidth during off 
peak hours for resale, such as, for example, for resale by ISPs as leased lines, typically 
T1 or T3 lines. 

Reference is now made to Fig. 6, which is a simplified block diagram 
illustration of a preferred embodiment of the routing center 245 of Fig. 4. It is 
appreciated, as described further below, that components of Fig. 6 may also be used in a 
preferred embodiment of the system of Fig. 1, to perform similar functions therein. 

The apparatus of Fig. 6 preferably comprises a routing control unit 310. 
The routing control unit 310 may be operative, as described above with reference to Fig. 
4, to perform the routing operations of the routing center 245 of Fig. 4. 

The apparatus of Fig. 6 also preferably comprises a database subsystem 
320 and a reporting subsystem 330. The database subsystem 320 and the reporting 
subsystem 330 may, if comprised in a preferred embodiment of the system of Fig. 1, be 
comprised, for example, in the accounting server 20 of Fig. 1, or in any other 
appropriate component of the system of Fig. 1. 

The routing control unit 310, the database subsystem 320, and the 
reporting subsystem 330 are preferably implemented in any suitable combination of 
computer hardware and software, as is well-known in the art. The routing control unit 
310, the database subsystem 320, and the reporting subsystem 330 are all preferably in 
operative communication with each other. 

The operation of the apparatus of Fig. 6 is now briefly described. The 
routing control unit 310 reports its routing activities, typically but not necessarily 
including essentially all of its routing activities, to the database subsystem 320, which 
stores the reported activities in any appropriate database. Typically, routing activities 
reported include, for a combination of the operations of the system of Fig. 1 and the 
apparatus of Fig. 4, one or more of the following: user requests to connect to a 
particular ISP; automatic user connection to an ISP; length of user session; number of 
packets and/or bytes transferred during user session; charges allocated to users, ISPs, or 
others; and any other appropriate available information on the usage and operation of 
the system of Fig. 1 and/or the apparatus of Fig. 4. 

The reporting system 330 is operative, typically upon receipt of a request 
from an administrative user of the system and/or periodically, to analyze some or all of 
the information comprised in the database maintained by the database subsystem 320 and 
to generate reports based thereon. It is appreciated that a very wide variety of reports 
could thus be generated. Some examples of information which might typically be 
included in such a report include the following: 

utilization of infrastructure, such as, for example, phone lines and 
communications bandwidth, by ISP or other service provider, by type of port or 
connection, by IP address, or by any other appropriate factor; 

distribution of calls between network access servers, between ISPs or 
other service providers, or otherwise; 

detection of possible system bottlenecks or potential future system 
bottlenecks; 

planning projections of future system usage based on current system 
usage; 

revenue reports; 

availability and unavailability reports, due to system faults or other 
events; 

service utilization reports; 

reports on the impact of known promotional activities on system usage; 
and 

any of the above reports according to hours of the day, days of the week, 
and/or peak and off peak hours and/or days. 

It is appreciated that, given the apparatus of Figs. 1, 4, and 6 and the 
above description, a person skilled in the art could produce the above reports using 
methods well known in the art, particularly in the fields of database systems and 
management reporting. 

Reference is now made to Fig. 7, which is a simplified flowchart 
illustration of a preferred method of operation of the apparatus of Fig. 1 or the apparatus 
of Fig. 4. The method of Fig. 7 will be described primarily with implicit reference to 
Fig. 4, it being appreciated that a person skilled in the art could also use the method of 
Fig. 7 with the apparatus of Fig. 1. It is also appreciated that the method of Fig. 7 is 
generally useful for accounting for payments internal to the systems of Fig. 1 and Fig. 4. 
The method of Fig. 7 preferably includes the following steps: 

A connection is established, through a routing center 245, between a user 
270 and a service provider ISP 265 (step 340). The connection may be established using 
any appropriate method, typically as explained above with reference to Figs. 1 and 4, in 
which the routing center or a similar system component is responsible for maintaining 
the connection between the user and the service provider. The routing center routes the 
communications between the user and the service provider (step 350), typically as 
explained above. 

The user 270 requests, through the service provider, an item associated 
with a payment (step 360). Without limiting the generality of the foregoing, typically the 
provider comprises an ISP and the user request is made through a site on the WWW, the 
site being accessed by the user via the ISP, and hence, transparently to the user, via the 
routing center. 

At the point where payment is to be authorized, the authorization is 
initiated by the routing center (step 370), and the routing center receives thereafter 
billing information including a request to make the payment (step 380). Typically, in the 
case referred to above of a WWW site, the billing information originates at the WWW 
site. 

The following steps are typically performed but are optional: The routing 
center aggregates a plurality of requested payments into a single payment (step 390) and 
pays the requested payment, typically an aggregated payment (step 400). It is 
appreciated that payments in the WWW may be very small, and that therefore the ability 
to aggregate small payments, including small payments from different users, and to pay 
in a single aggregated payment is preferably included in the method of Fig. 7. 
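
The following is an added illustration, not part of the original specification, of how a routing center might record steps 370 to 400 of Fig. 7. The single-use authorization identifier, the per-authorization ceiling, integer minor currency units, and all class, method, user and host names are assumptions made for the example.

```python
"""Hypothetical routing-center ledger for steps 370-400 of Fig. 7 (added example)."""
import secrets
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class RoutingCenterLedger:
    # auth_id -> (user, payee, ceiling). Assumption: the routing center issues
    # an opaque identifier whenever it initiates an authorization.
    _open_auths: dict = field(default_factory=dict)
    _pending: list = field(default_factory=list)   # accepted billing requests
    rejected: list = field(default_factory=list)   # (auth_id, reason) audit trail

    def initiate_authorization(self, user, payee, max_minor_units):
        """Step 370: the authorization is initiated by the routing center."""
        if max_minor_units <= 0:
            raise ValueError("ceiling must be positive")
        auth_id = secrets.token_hex(8)
        self._open_auths[auth_id] = (user, payee, max_minor_units)
        return auth_id

    def receive_billing(self, auth_id, payee, amount_minor_units):
        """Step 380: accept a request to pay only if it matches an open authorization."""
        auth = self._open_auths.get(auth_id)
        if auth is None:
            return self._reject(auth_id, "unknown or already used authorization")
        user, auth_payee, ceiling = auth
        if payee != auth_payee:
            return self._reject(auth_id, "payee mismatch")
        if not 0 < amount_minor_units <= ceiling:
            return self._reject(auth_id, "amount outside authorized ceiling")
        del self._open_auths[auth_id]  # single use: a replayed request is refused
        self._pending.append((user, payee, amount_minor_units))
        return True

    def _reject(self, auth_id, reason):
        self.rejected.append((auth_id, reason))
        return False

    def aggregate_and_pay(self):
        """Steps 390-400: one payment per payee, summed across different users."""
        payments = defaultdict(int)   # what the routing center pays out
        charges = defaultdict(int)    # what each user is later invoiced
        for user, payee, amount in self._pending:
            payments[payee] += amount
            charges[user] += amount
        self._pending.clear()
        return dict(payments), dict(charges)


def demo():
    """Constructed sample traffic: two small payments, one replay, two bad requests."""
    ledger = RoutingCenterLedger()
    a1 = ledger.initiate_authorization("user-270a", "site.example", 50)
    a2 = ledger.initiate_authorization("user-270b", "site.example", 50)
    a3 = ledger.initiate_authorization("user-270a", "news.example", 10)
    results = [
        ledger.receive_billing(a1, "site.example", 5),
        ledger.receive_billing(a1, "site.example", 5),          # replay, refused
        ledger.receive_billing(a2, "site.example", 7),
        ledger.receive_billing(a3, "other.example", 3),         # wrong payee, refused
        ledger.receive_billing("deadbeef", "site.example", 1),  # never authorized
    ]
    payments, charges = ledger.aggregate_and_pay()
    return results, payments, charges, ledger.rejected


if __name__ == "__main__":
    print(demo())
```
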

It is appreciated that the software components of the present invention 
may, if desired, be implemented in ROM (read-only memory) form. The software 
components may, generally, be implemented in hardware, if desired, using 
conventional techniques. 

It is appreciated that various features of the invention which are, for 
clarity, described in the contexts of separate embodiments may also be provided in 
combination in a single embodiment. Conversely, various features of the invention 
which are, for brevity, described in the context of a single embodiment may also be 
provided separately or in any suitable subcombination. 

It will be appreciated by persons skilled in the art that the present 
invention is not limited to what has been particularly shown and described hereinabove. 
Rather, the scope of the present invention is defined only by the claims that follow: 

1. A system for connecting to Internet service providers via networking 
circuitry, the system comprising: 

a user interface operative to display information regarding a plurality of 
Internet service providers including quality of service information and to accept a user's 
choice of an Internet service provider from among the plurality of Internet service 
providers, thereby to define a user-selected Internet service provider, and 

a configurator operative to connect the user to the user-selected Internet 
service provider by generating an on-the-fly configuration of the networking circuitry. 

2. A system according to claim 1 wherein the user interface comprises 
a web-based display. 

3. A system according to claim 1 or claim 2 wherein the user interface 
comprises a display of at least some of the plurality of Internet service providers. 

4. A system according to claim 1 or claim 2 and also comprising user 
identification apparatus operative to identify the user. 

5. A system according to claim 4 and wherein the user identification 
apparatus is operative to identify the user based on a telephone number used by the user 
to establish a connection with the system. 

6. A method for connecting to Internet service providers via networking 
circuitry, the method comprising: 

displaying information regarding a plurality of Internet service providers 
including quality of service information; 

accepting a user's choice of an Internet service provider from among the 
plurality of Internet service providers, thereby to define a user-selected Internet service 
provider; and 

connecting the user to the user-selected Internet service provider by 
generating an on-the-fly configuration of the networking circuitry. 

7. A virtual point of presence (POP) comprising: 

a routing center operative to communicate with a network user and with 
at least one Internet Service Provider (ISP) and to route communications therebetween; 
and 

an authentication and ISP routing center receiving an identification of the 
network user from the routing center and operative: 

to authenticate the network user based, at least in part, on the 
identification of the network user; and 

to choose an ISP and to communicate an ISP identification 
identifying the ISP to the routing center, 

wherein the routing center is operative, upon receipt of the ISP 
identification, to route communications from the network user to an ISP associated with 
the ISP identification. 

8. Apparatus according to claim 7 and wherein the authentication and ISP 
routing center is operative to choose the ISP based on a telephone number of the 
network user. 

9. Apparatus according to claim 7 wherein the authentication and ISP 
routing center is operative to choose the ISP based, at least in part, on at least one of the 
following: a telephone number of the network user; identifying information of the 
network user; and profile information of the network user. 

10. Apparatus according to claim 7 and wherein the routing center is also 
operative to maintain accounting records of routing services performed for the network 
user and the ISP. 

11. A method for providing a virtual point of presence (POP) using a 
network routing center, the method comprising: 

providing communications, from the network routing center, with a 
network user and with at least one Internet Service Provider (ISP); 

receiving an identification of the network user from the routing center; 

authenticating the network user based, at least in part, on the 
identification of the network user; 

choosing an ISP and communicating an ISP identification identifying the 
ISP to the routing center; and 

routing communications from the network user to an ISP associated with 
the ISP identification. 

12. A method according to claim 6 or claim 11 and also comprising: 
storing utilization information in a database. 

13. A method according to claim 12 and also comprising: 
producing a report based on the utilization information. 

14. A payment processing method for processing payments over a network, 
the network comprising a routing center for routing communications between at least 
one user and at least one service provider, the method comprising: 

establishing a connection, through the routing center, between a user and 
a service provider; 

routing communications, at the routing center, between the user and the 
service provider; 

requesting, through the service provider, an item associated with a 
payment; 

initiating, at the routing center, an authorization of the payment; and 

receiving, at the routing center, billing information including a request to 
pay the payment. 

15. A method according to claim 14 and also comprising: 

paying the requested payment from the routing center. 

16. A method according to claim 15 and also wherein the paying step 
comprises: 

aggregating a plurality of requested payments into a single payment. 

17. A method according to any of claims 14 - 16 and wherein the service 
provider comprises an Internet service provider (ISP), and 

the requesting step comprises requesting an item from a World Wide 
Web (WWW) site. 

18. A system according to claim 1 and also comprising an on-the-fly ISP 
performance monitor operative to monitor performance of at least one ISP on the fly 
and to supply at least one quality of service parameter to the user interface for display. 

19. A system according to claim 1 and also comprising an infrastructure 
leaser operative to lease network infrastructure to at least one Internet service provider. 

20. A system according to claim 19 wherein the infrastructure leaser is 
operative to lease network infrastructure to at least one Internet service provider from 
among said plurality of Internet service providers. 

21. A system according to claim 19 and also comprising a resource utilization 
monitor operative to record information regarding occurrence of at least one of the 
following situations with respect to network infrastructure leased by at least one Internet 
service provider: 

underutilization of the infrastructure leased by the at least one Internet 
service provider; and 

overutilization of the infrastructure leased by the at least one Internet 
service provider. 

22. A system according to claim 21 wherein said recording step is performed 
on the fly. 

FIG. 3 

USER CONNECTS TO NETWORK ACCESS SERVER 60 
NETWORK ACCESS SERVER 60 AUTHENTICATES USER, TYPICALLY USING CALLER ID 
AUTHENTICATION SERVER 14 REQUESTS IP ADDRESS FROM IP ADDRESS MANAGER 30 
USER IS CONNECTED TO INTERNAL NETWORK 
USER ACCESSES HTML HOME PAGE 
USER SELECTS ISP 10 
RADIUS ACCESS-REQUEST MESSAGE, INCLUDING SELECTED ISP, SENT TO AUTHENTICATION SERVER 14 
ROUTER CONFIGURING ENGINE 40 CONFIGURES NAT TABLES OF ROUTER 50 AND ROUTING POLICIES OF CENTRAL ROUTER, USING HTTP PROTOCOL 
RADIUS START-ACCOUNTING MESSAGE SENT TO ACCOUNTING SERVER 20 
USER ELECTS TO DISCONTINUE CONNECTION TO ISP 10 OR TRANSFER TO ANOTHER ISP 10 
RADIUS STOP-ACCOUNTING MESSAGE SENT TO ACCOUNTING SERVER 20 BY NAS 60 
IP ADDRESS OF ISP 10 RETURNED TO IP ADDRESS MANAGER 30 
USER DISCONNECTS CALL 
NAS 60 SENDS RADIUS STOP-ACCOUNTING MESSAGE TO ACCOUNTING MANAGER 20 
ACCOUNTING MANAGER 20 RETURNS IP ADDRESSES OF CONNECTION AND OF ISP 10 TO IP ADDRESS MANAGER 30 

FIG. 5 

275: PROVIDE COMMUNICATIONS, FROM THE NETWORK ROUTING CENTER, WITH A NETWORK USER AND WITH AT LEAST ONE INTERNET SERVICE PROVIDER (ISP) 
280: RECEIVE A USER IDENTIFICATION OF THE NETWORK USER FROM THE ROUTING CENTER 
285: AUTHENTICATE THE NETWORK USER BASED, AT LEAST IN PART, ON THE IDENTIFICATION OF THE NETWORK USER (STEP 280) 
290: CHOOSE AN ISP AND COMMUNICATE AN ISP IDENTIFICATION IDENTIFYING THE ISP TO THE ROUTING CENTER 
300: ROUTE COMMUNICATIONS FROM THE NETWORK USER TO AN ISP ASSOCIATED WITH THE ISP IDENTIFICATION 

FIG. 7 

340: ESTABLISH A CONNECTION, THROUGH THE ROUTING CENTER, BETWEEN A USER AND A SERVICE PROVIDER 
350: ROUTE COMMUNICATIONS, AT THE ROUTING CENTER, BETWEEN THE USER AND THE SERVICE PROVIDER 
360: REQUEST, THROUGH THE ROUTING CENTER, AN ITEM ASSOCIATED WITH A PAYMENT 
370: INITIATE, AT THE ROUTING CENTER, AN AUTHORIZATION OF THE PAYMENT 
380: RECEIVE, AT THE ROUTING CENTER, BILLING INFORMATION INCLUDING A REQUEST TO MAKE THE PAYMENT 
390: AGGREGATE A PLURALITY OF REQUESTED PAYMENTS INTO A SINGLE PAYMENT 
400: PAY THE REQUESTED PAYMENT FROM THE ROUTING CENTER 

DECLARATION AND POWER OF ATTORNEY FOR PATENT APPLICATION 

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below, next to my name. 

I believe I am the original, first, and sole inventor (if only one name is listed below) or any original, first, and 
joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is 
sought on the invention entitled 

APPARATUS AND METHODS FOR CONNECTING A NETWORK USER TO A 
NETWORK SERVICE PROVIDER 

the specification of which 
[ ] is attached hereto. 
was filed on September 2, 1998 as 
United States Application Number 
or PCT International Application Number PCT/IL98/00427 
and was amended on 
(if applicable) 

I hereby state that I have reviewed and understand the contents of the above-identified specification, including 
the claim(s), as amended by any amendment referred to above. I do not know and do not believe that the 
claimed invention was ever known or used in the United States of America before my invention thereof, or 
patented or described in any printed publication in any country before my invention thereof or more than one 
year prior to this application, that the same was not in public use or on sale in the United States of America more 
than one year prior to this application, and that the invention has not been patented or made the subject of an 
inventor's certificate issued before the date of this application in any country foreign to the United States of 
America on an application filed by me or my legal representatives or assigns more than twelve months (for a 
utility patent application) or six months (for a design patent application) prior to this application. 

I acknowledge the duty to disclose all information known to me to be material to patentability as defined in Title 
37, Code of Federal Regulations, Section 1.56. 

I hereby claim foreign priority benefits under Title 35, United States Code, Section 119(a)-(d), of any foreign 
application(s) for patent or inventor's certificate listed below and have also identified below any foreign 
application for patent or inventor's certificate having a filing date before that of the application on which priority 
is claimed: 



Prior Foreign Application(s): 

APPLICATION NUMBER | COUNTRY (OR INDICATE IF PCT) | DATE OF FILING (day, month, year) | PRIORITY CLAIMED (No / Yes) 

I hereby claim the benefit under Title 35, United States Code, Section 119(e) of any United States provisional 
application(s) listed below: 

APPLICATION NUMBER | FILING DATE 

Docket No. 03394.P003 




I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge 
that willful false statements and the like so made are punishable by fine or imprisonment, or both, under 
Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the 
validity of the application or any patent issued thereon. 


